package com.base.vistter.iframe.inverter.interceptor;


import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.servlet.HandlerInterceptor;
@Slf4j
public class SafetyInterceptor implements HandlerInterceptor {
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        response.addHeader("Content-Security-Policy", "default-src 'self'; img-src 'self' data:; upgrade-insecure-requests");
        response.addHeader("X-Content-Type-Options", "nosniff");
        response.addHeader("X-XSS-Protection", "1; mode=block");
        response.addHeader("X-Frame-Options", "DENY");
        response.addHeader("Strict-Transport-Security", "63072000;includeSubDomains;preload");
        response.addHeader("Referrer-Policy", "strict-origin-when-cross-origin");
        response.addHeader("X-Permitted-Cross-Domain-Policies", "none");
        response.addHeader("X-Download-Options", "noopen");
    }

}
